From 95a8b4ea36dc2036241ede6efd406db79285f65e Mon Sep 17 00:00:00 2001 From: Roman Chutchev Date: Thu, 24 Feb 2022 07:59:24 +0300 Subject: [PATCH] Beta - release --- block_attackers_IP.bat | 7 +++++ main.py | 63 ++++++++++++++++++++++++++++++++++++------ settings.ini | 15 +++++++++- 3 files changed, 76 insertions(+), 9 deletions(-) create mode 100644 block_attackers_IP.bat diff --git a/block_attackers_IP.bat b/block_attackers_IP.bat new file mode 100644 index 0000000..42483cd --- /dev/null +++ b/block_attackers_IP.bat @@ -0,0 +1,7 @@ +cd C:\ps\ +main.exe +timeout 5 +cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ +smc.exe -exportadvrule C:\ps\rules.xml +timeout 5 +smc.exe -importadvrule C:\ps\rules_to_SEP.xml \ No newline at end of file diff --git a/main.py b/main.py index 1948c4c..8b3c69b 100644 --- a/main.py +++ b/main.py @@ -1,13 +1,19 @@ # Copyright - Roman Chutchev (RChutchev.ru) a.k.a. RChutchev -# Beta version +# version 1.0 Beta - Release +# INFO: settings.ini file REQUIRED in folder with .py or .exe import configparser import os import re import sys import pyautogui +import xml.etree.cElementTree as xmlET def check_file_exist(path, file_name): + # First: path - is path to folder + # Second: file_name - is name of file in path folder + # Return bool + # True if file exist, False if file is not found. if path and file_name is not None: f_name = str(path) + '\\' + str(file_name) f_result = os.path.isfile(f_name) @@ -28,6 +34,7 @@ def check_file_exist(path, file_name): config.read(config_path) config.sections() except configparser.NoSectionError as e: + # TODO: Check - may not work pyautogui.alert(text="Configuration (settings.ini) file error! \n No SEP section.", title="Error!") sys.exit(1) 
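Review bot: `main.exe` runs before `smc.exe -exportadvrule C:\ps\rules.xml`, but main.py in the following hunks refuses to start unless rules.xml already exists and otherwise merges the banned IPs into whatever that file already holds, so the first scheduled run fails and every later run works from the previous run's export rather than the current SEP rule set; moving the export line above `cd C:\ps\` / `main.exe` fixes the ordering, and the `timeout 5` lines look unnecessary unless smc.exe is known to return before the export file is fully written. Because `-importadvrule` presumably installs the contents of C:\ps\rules_to_SEP.xml into the endpoint firewall, a local user who can write to C:\ps\ can feed arbitrary rules to SEP — a line such as `REM C:\ps must be writable by administrators only: its XML is imported as firewall rules` would record that deployment requirement for whoever sets up the scheduled task. Note also that `rules_to_SEP.xml` matches the settings.ini value for NAME_XML_FOR_SEP but not the code fallback `IPs_to_SEP.xml`, so if settings.ini is ever missing the import targets a file main.exe never wrote.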
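Review bot: The new `# TODO: Check - may not work` comment is right — `config.read()` returns an empty list for a missing or unreadable file without raising, and `config.sections()` never raises, so the `NoSectionError` handler cannot fire from the two calls inside the `try`; every `config.get(...)` added later in this commit passes `fallback=`, which also suppresses `NoSectionError`, so a missing [SEP] section now silently runs with the built-in defaults. Replace the TODO with an explicit check, `if not config.read(config_path) or not config.has_section('SEP'):`, followed by the existing alert and `sys.exit(1)`. The `try` begins before this hunk, so the lines around it are not visible here.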
@@ -47,13 +54,31 @@ def check_file_exist(path, file_name): fallback=r'C:\\PS\\') NAME_OF_IPs_LIST = config.get('SEP', 'NAME_OF_IPs_LIST', fallback=r'iptoblock.txt') + IPsListDelimiter = config.get('SEP', 'IPsListDelimiter', + fallback="\n") + COUNT_TO_BLOCK = config.get('SEP', 'COUNT_TO_BLOCK', + fallback="2") + NAME_OF_SEP_RULE = config.get('SEP', 'NAME_OF_SEP_RULE', + fallback="THIS RULE WILL BE UPDATED AUTOMATICALLY") + NAME_XML_FROM_SEP = config.get('SEP', 'NAME_XML_FROM_SEP', + fallback=r'rules.xml') + NAME_XML_FOR_SEP = config.get('SEP', 'NAME_XML_FOR_SEP', + fallback=r'IPs_to_SEP.xml') DEBUG = False if config.get('SEP', 'DEBUG', fallback=False): DEBUG_ENABLED = config.get('SEP', 'DEBUG', fallback=False) - print(DEBUG_ENABLED) if DEBUG_ENABLED == 'True': DEBUG = True + DO_NOT_WRITE_LIST = False + if config.get('SEP', 'DO_NOT_WRITE_LIST_OF_IPs', fallback=False): + DO_NOT_WRITE_LIST_OF_IPs = config.get('SEP', 'DO_NOT_WRITE_LIST_OF_IPs', fallback=False) + if DO_NOT_WRITE_LIST_OF_IPs == 'True': + DO_NOT_WRITE_LIST = True + + if not check_file_exist(PATH_TO_FILE_WITH_IPs, NAME_XML_FROM_SEP): + pyautogui.alert(text="No SEP exported rules found.", title="Error!") + sys.exit(1) if check_file_exist(sep_path, log_name): if DEBUG: @@ -63,6 +88,7 @@ def check_file_exist(path, file_name): lines = log.readlines() lst = [] lst_clear = [] + two_or_more = [] for line in lines: # print("Line{}: {}".format(count, line.strip())) pattern = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})') 
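Review bot: `COUNT_TO_BLOCK` is read as a string here and only converted with `int(...)` inside the per-IP loop in the next hunk, so a non-numeric value in settings.ini surfaces as an uncaught `ValueError` far from the setting that caused it; `COUNT_TO_BLOCK = config.getint('SEP', 'COUNT_TO_BLOCK', fallback=2)` validates it at load time, and `DO_NOT_WRITE_LIST = config.getboolean('SEP', 'DO_NOT_WRITE_LIST_OF_IPs', fallback=False)` replaces the five-line string comparison (the existing DEBUG block could use `getboolean` the same way). The new `check_file_exist(PATH_TO_FILE_WITH_IPs, NAME_XML_FROM_SEP)` guard joins path and name with a backslash while the later `xmlET.parse(PATH_TO_FILE_WITH_IPs + NAME_XML_FROM_SEP)` concatenates them directly, so the check and the parse look at different paths unless PATH_TO_FILE_WITH_IPs ends in a backslash; `os.path.join` in both places removes that dependence. Minor: configparser does not process escapes, so a user who writes `IPsListDelimiter = \n` in the ini gets a literal backslash-n rather than the newline the fallback provides — worth a comment next to the setting. The surrounding script code starts before this hunk and continues past it.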
@@ -72,14 +98,35 @@ def check_file_exist(path, file_name): if not result[1].startswith(LOCAL_IP_MASK): # Exclude LOCAL IP ex. 192.168.***.*** if not any(ip in result[1] for ip in Ex_IPs): # Exclude from Settings.ini lst.append(result[1]) # Append to list - Result with duplicates - lst_clear = list(dict.fromkeys(lst)) # Final result list w/o duplicates + lst_clear = list(dict.fromkeys(lst)) # Final result list w/o duplicates + + for ip_for_ban in lst: + if lst.count(ip_for_ban) >= int(COUNT_TO_BLOCK): + two_or_more.append(ip_for_ban) + + lst_clear_to_ban = list(dict.fromkeys(two_or_more)) + # USE lst_clear_to_ban IPs to add to SEP for permanent block + # Read XML file here + tree = xmlET.parse(PATH_TO_FILE_WITH_IPs + NAME_XML_FROM_SEP) + AdvancedRule = tree.find(f"AdvancedRule[@Description='{NAME_OF_SEP_RULE}']") + to_add = {} + for ip in lst_clear_to_ban: + to_add["Start"] = ip + to_add["End"] = ip + HostGroup = AdvancedRule.find('HostGroup') + Rule = HostGroup.find(f"IpRange[@Start='{ip}']") + if Rule is None: + IPRange = xmlET.SubElement(HostGroup, 'IpRange', attrib=to_add) + # Write to XML file here + tree.write(PATH_TO_FILE_WITH_IPs + NAME_XML_FOR_SEP) - # Write to file here + # Write to text file here if len(lst_clear) != 0: - ips_file = open(PATH_TO_FILE_WITH_IPs + NAME_OF_IPs_LIST, 'w+') - for bad_ip in lst_clear: - ips_file.write(bad_ip + '\n') - ips_file.close() + if not DO_NOT_WRITE_LIST: + ips_file = open(PATH_TO_FILE_WITH_IPs + NAME_OF_IPs_LIST, 'w+') + for bad_ip in lst_clear: + ips_file.write(bad_ip + IPsListDelimiter) + ips_file.close() if DEBUG: pyautogui.alert(text="Found: " + str(len(lst_clear)) + ' IPs', title="INFO") pyautogui.alert(text="File saved!", title="INFO") diff --git a/settings.ini b/settings.ini index 6c84dfc..64c1d9a 100644 --- a/settings.ini +++ b/settings.ini 
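Review bot: `AdvancedRule` is `None` whenever the exported rules.xml has no `AdvancedRule` whose Description equals `NAME_OF_SEP_RULE` (for instance before the rule has been created in SEP), and `HostGroup` can be `None` likewise, so the first IP that qualifies for a ban dies with an `AttributeError` inside the `for ip in lst_clear_to_ban` loop instead of the alert-and-exit used elsewhere in the file; the lookup does not depend on `ip`, so it should be resolved once, guarded, and only then looped, as sketched below. Two smaller points on the same block: the regex that fills `lst` accepts octets above 255, so a token like 999.1.2.3 from a log line would be written unchanged into the firewall rule (an `ipaddress.ip_address(ip)` check before `two_or_more.append`, with `ipaddress` imported at the top of the file, would reject it), and `NAME_OF_SEP_RULE` is interpolated unescaped into the ElementTree predicate, so a rule name containing a single quote breaks `tree.find`. The re-added `ips_file = open(...)` / `ips_file.close()` pair would be safer as `with open(PATH_TO_FILE_WITH_IPs + NAME_OF_IPs_LIST, 'w+') as ips_file:` so the file is closed even if a write fails. The surrounding script block (attributed to `check_file_exist` in the hunk header but apparently module-level code) starts before this hunk and continues past it.
```python
# … unchanged: two_or_more / lst_clear_to_ban construction …
tree = xmlET.parse(PATH_TO_FILE_WITH_IPs + NAME_XML_FROM_SEP)
AdvancedRule = tree.find(f"AdvancedRule[@Description='{NAME_OF_SEP_RULE}']")
# Resolve the target group once; abort like the other config errors if it is missing
HostGroup = AdvancedRule.find('HostGroup') if AdvancedRule is not None else None
if HostGroup is None:
    pyautogui.alert(text="Rule '" + NAME_OF_SEP_RULE + "' with a HostGroup not found in " + NAME_XML_FROM_SEP, title="Error!")
    sys.exit(1)
for ip in lst_clear_to_ban:
    if HostGroup.find(f"IpRange[@Start='{ip}']") is None:
        xmlET.SubElement(HostGroup, 'IpRange', attrib={"Start": ip, "End": ip})
# … unchanged: tree.write and text-file output …
```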
@@ -10,6 +10,19 @@ ExLOCAL_IPs_MASK = 192.168.
 EXCLUDED_IP = 8.8.8.8, 8.8.4.4
 # Where to save result file
 PATH_TO_FILE_WITH_IPs = C:\ps\
+# If you wat to DISABLE log file == True
+DO_NOT_WRITE_LIST_OF_IPs = False
+# Delimiter for IPs in file, default is - new line
+# IPsListDelimiter = ,
+# How often IPs in log file to add in SEP Rule list
+COUNT_TO_BLOCK = 5
 # Name of result file
 NAME_OF_IPs_LIST = iptoblock.txt
-DEBUG = True
\ No newline at end of file
+# Create rule in SEP Firewall, name of rule here
+NAME_OF_SEP_RULE = THIS RULE WILL BE UPDATED AUTOMATICALLY
+# Name of exported rules file here
+NAME_XML_FROM_SEP = rules.xml
+# Name of new rules file to add in SEP
+NAME_XML_FOR_SEP = rules_to_SEP.xml
+# FOR INTERNAL USE!! DO NOT ADD to schedule with DEBUG = TRUE. ONLY FOR DEBUG
+DEBUG = False
\ No newline at end of file
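Review bot: The comment above `DO_NOT_WRITE_LIST_OF_IPs` describes the wrong thing — in main.py this flag only skips writing the NAME_OF_IPs_LIST text file (iptoblock.txt), it does not touch any log, and "wat" is a typo; `# Set to True to skip writing the NAME_OF_IPs_LIST text file (the SEP XML is still written)` says what the code does. The `COUNT_TO_BLOCK` comment could also state the unit, since the code compares the number of log lines containing the address against this value: `# Minimum number of log lines an IP must appear in before it is added to the SEP rule`.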